-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
5 changed files
with
83 additions
and
7 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,3 +5,4 @@ instance/ | |
| backup/ | ||
| uploads/ | ||
| fhost_db.sql/ | ||
| ssl/ | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,51 @@ | ||
| http { | ||
| upstream zxz_url { | ||
| # ip_hash; | ||
| # List the Flask app servers in the container | ||
| server zxz1:5000; | ||
| } | ||
|
|
||
| server { | ||
| listen 80; | ||
| server_name _; # Accept all server names | ||
| # server_name yourdomain.com; # Replace with your domain | ||
|
|
||
| location / { | ||
| proxy_pass http://zxz_url/; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header X-Forwarded-Proto $scheme; | ||
| } | ||
| } | ||
|
|
||
| server { | ||
| listen 443 ssl; | ||
| server_name _; # Accept all server names | ||
| # server_name yourdomain.com; # Replace with your domain | ||
|
|
||
| ssl_certificate /etc/nginx/ssl/nginx.crt; | ||
| ssl_certificate_key /etc/nginx/ssl/nginx.key; | ||
|
|
||
| # Enable TLS 1.2 and TLS 1.3 | ||
| ssl_protocols TLSv1.2 TLSv1.3; | ||
|
|
||
| # Configure SSL ciphers | ||
| ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'; | ||
|
|
||
| ssl_prefer_server_ciphers off; # TLS 1.3 has its own cipher suite selection process | ||
| ssl_session_cache shared:SSL:10m; | ||
| ssl_session_timeout 1h; | ||
| ssl_session_tickets off; | ||
|
|
||
| location / { | ||
| proxy_pass http://zxz_url/; | ||
| proxy_set_header Host $host; | ||
| proxy_set_header X-Real-IP $remote_addr; | ||
| proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; | ||
| proxy_set_header X-Forwarded-Proto $scheme; | ||
| } | ||
| } | ||
| } | ||
|
|
||
| events {} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| ```bash | ||
| # Generate a private key | ||
| openssl genpkey -algorithm RSA -out /etc/nginx/ssl/nginx.key | ||
|
|
||
| # Generate a self-signed certificate | ||
| openssl req -new -x509 -key /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.crt -days 365 | ||
| ``` |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters